Microsoft Technical Bulletins

The latest updates for all the Microsoft Products you use every day.

Written by Richard Quatier

My goal is to help your business by integrating processes that automate mundane tasks and simplify complex ones without breaking budgets.

September 8, 2020

Blog Home

Microsoft Authenticator App Lock will be enabled by default

From Microsoft Corporation

MC220224, Stay Informed, Published date: Aug 12, 2020

If you do not have users who are using the Microsoft Authenticator app on their mobile devices for two-factor authentication, you may safely ignore this message.

Microsoft Authenticator App Lock will soon be enabled by default if the user has set up a PIN or biometric on the device.

When this will happen

  • For iOS, we are rolling this out gradually in mid-August and should be complete by the end of August.
  • For Android, we are rolling this out gradually in late August and should be complete by mid-September.

How this affects your organization

The Microsoft Authenticator app can serve as a second verification method after users sign in with username and password, or it can allow sign-in without a password by using a mobile device with PIN or biometrics (fingerprint or face). App Lock keeps one-time passcodes, app information, and app settings more secure.

Currently, when a login notification arrives on the phone, users can approve or deny from the lock screen.

However, with App Lock enabled users will need to launch the app (on iOS) or launch a dialog (on Android) before they can approve/deny the request. They will also need to provide an additional PIN/biometrics gesture to successfully authenticate the login request.

App Lock

What you need to do to prepare

Consider updating your user training and documentation.

  • For Enterprise on-premise multi-factor authentication (MFA) notifications that already require a PIN
    • The flow is unchanged. After users interact with the notification, they will need to provide their MFA PIN (not device PIN). In subsequent approvals, they will have the option to use the device bio gesture instead of the MFA PIN.
  • Azure AD and MSA Phone sign-in notifications
    • The flow is unchanged.

Users can go to the Settings page in the Authenticator app and return the App Lock toggle to the Off position.

You May Also Like…

Security Defaults – MFA update to four administrator roles

Security Defaults – MFA update to four administrator roles

From Microsoft Corporation MC224734, Stay Informed, Published date: Oct 20, 2020Admin impact, New feature If you have Security Defaults enabled in your tenant, all Application Administrators, Cloud Application Administrators, Password...

15 + 6 =

Call Now

(425) 367-9025

17939 95th Place NE

Bothell, WA 98011